You may assume "controls DNS" means potential control over delivery or content of unencrypted DNS packets, e.g. the operator of a parent nameserver, the operator of an open resolver, a delegated authoritative nameserver (e.g., Cloudflare), someone else intercepting and modifying packets, etc.

Rephrased question: In what ways, if any, is Web PKI dependent on DNS?

And thus we are back to asking for DNSSec. With DNSSec all Records are signed with RRSIGs, and can be validated as being legitimate answers. Your client needs to support validating these of course.

Now, there are a lot of people who don't like DNSSec, and I don't blame them. It's a hot mess in terms of deployment, etc.

It feels like with CAA, TLSA, and other record types we're getting closer to some of the security people want in DNS. We also now have a pretty decent RFC for DNS over TLS, which provides privacy (where needed) in addition to the signed records.

We should be able to come up with a solution to securing DNS by utilizing the existing CA systems out there. Where we could sign zones, and verify them, independent of the chain of DNSKEY to DS records all the way back to the root (this would be different from the current DNSSec validation). I'm not aware of any existing RFCs for something like this.

> Not interested in a debate over DNSSEC, but please note I used the word "unencrypted" for a reason.

If you want privacy you use DNS over TLS or DNSCrypt. If you want assurance that the records can be trusted, the signatures are required. Because DNS relies on so many intermediary nodes for caching, etc, you need both. You need the RRSIG to validate that the zone actually created and manages that record. If you don't want people snooping on your queries, then you need a secure encrypted connection.

You need both.

> djb has suggested DNSSEC signed RRs are still vulnerable to forgery.

can you find that? I know he's very much against DNSSEC, but I haven't seen comments on forgery specifically.

I use trusted sources for lists of authoritative servers I need. I store IP addresses for those servers permanently and track changes in them, if any, over time.

I have little interest in what ICANN certifies as a "valid" or "invalid" name. DNSSEC therefore does not appeal to me.

IMO, better Web PKI could be focused on IP addresses and user-generated public keys (maybe combined with user-chosen "pet names"), something like SSH. Instead it appears to be solely focused on names issued by a third party and certificates based on those names, also issued by a third party.

They definitely support issuewild now, but annoyingly will inject their own extremely broad CAA records into your zone unless you go into a different UI and hit "Disable Universal SSL" down the bottom of the page, even if you don't use their proxy service. I tried submitting feedback about this but I assume it got ignored by the support rep.

Not a huge fan of the CAA UI. I would prefer the option to enter the RRs in a raw format (like TXT records), even if it's not the default UI.